问题
I have SSL certificate ( key.pem, cacert.pem, pcert.pem ) generated with OpenSSL on Linux Mint machine. Now I'm trying to move my application to another server where is installed Fedora 18 with NSS.
cURL is returning this error:
unable to load client key: -8178 (SEC_ERROR_BAD_KEY)
I tested again and on my computer is working fine but on server not. I think it's because I used OpenSSL to generate certificates but on server is installed NSS.
I can't find how to generate certificates with "certutil" or with "openssl" to be valid with NSS.
回答1:
The failure was due to my PKCS#8 private key format:
- With a PKCS#8 private key-----BEGIN ENCRYPTED PRIVATE KEY----- header
or-----BEGIN PRIVATE KEY----- header
curl+openssl works, but not curl+nss+libnsspem.so
- With a RSA private key-----BEGIN RSA PRIVATE KEY----- header
both curl+openssl and curl+nss+libnsspem.so work.
So use this command openssl rsa -in key.pem -out newkey.pem to remove the pass phrase on an RSA private key:
来源:https://stackoverflow.com/questions/22499425/ssl-certificate-generated-with-openssl-not-working-on-nss